How to get a list of critical sections in the process

Question

How to get a list of critical sections in the process

In WinDbg, you can call locks to get a list of all critical sections in the current process. I wonder if there is a way to invoke the debug API to retrieve the same list. I want to do this in a custom built-in debugger built in C ++, which is built on the Debug Engine APIs. Any thoughts?

Many thanks.

+3

windbg

awatto May 18, '12 at 20:51

source share

1 answer

seva titov · Accepted Answer · 2012-05-18T22:01:20+0000

This is relatively uncomplicated, you need to use the RTL_CRITICAL_SECTION_DEBUG structure. I added my annotations to the printout:

0:011> dt ntdll!_RTL_CRITICAL_SECTION_DEBUG
   +0x000 Type             : Uint2B
   +0x002 CreatorBackTraceIndex : Uint2B
   +0x004 CriticalSection  : Ptr32 _RTL_CRITICAL_SECTION  // This is pointer to actual critical section
   +0x008 ProcessLocksList : _LIST_ENTRY  // All critical sections are chained in this doubly linked list
   +0x010 EntryCount       : Uint4B
   +0x014 ContentionCount  : Uint4B
   +0x018 Flags            : Uint4B
   +0x01c CreatorBackTraceIndexHigh : Uint2B
   +0x01e SpareUSHORT      : Uint2B

, , ProcessLocksList , ProcessLocksList ( ). ProcessLocksList s, RTL_CRITICAL_SECTION, sizeof (void *).

, ProcessLocksList ntdll! RtlCriticalSectionList.

- , . :

  !list "-t ntdll!_LIST_ENTRY.Flink -e -x \"ln poi(@$extret-0x4); dt ntdll!_RTL_CRITICAL_SECTION poi(@$extret-0x4)\" ntdll!RtlCriticalSectionList"

x64, .

: x64:

  !list "-t ntdll!_LIST_ENTRY.Flink -e -x \"ln poi(@$extret-0x8); dt ntdll!_RTL_CRITICAL_SECTION poi(@$extret-0x8)\" ntdll!RtlCriticalSectionList"

How to get a list of critical sections in the process

More articles: